Presently, I work IT for a company with around 1000 machines. We presently have no Mac in place running OS X server and we pretty much join the ~40 Macs that we do have to our Active Directory domain ending in .local. We've found that doing this really only buys us login credential consistency and nothing else. Otherwise, our Macs are consistently having issues authenticating, both at login and to shared resources. As of Mavericks, several users will now lose connection to our file servers (one of which is a NetApp NAS and the other of which is a server running Windows 2008 R2 Datacenter Edition). Both servers serve via SMB. I know that, as of Mavericks, OS X defaults to SMB2 when "smb://" is used. Figuring that using "cifs://" forces Mavericks to switch back to the original SMB protocol, I have invoked that and have found that my mileage hasn't changed much, if at all. Password resets for users is a nightmare too given that few of them pay attention to the part where they are asked to update their keychain; often resulting in broken keychains. This is not hard to resolve, but it is legitimately annoying both for us and for them. Furthermore, joining Macs to the Active Directory Domain is a bit of a hassle as well; certainly more than is advertised by Apple in switching material and the Mac Integration Basics certification course. Given that only a few users use things for which there are not Windows equivalents, I made the bold proposition to transition away from the Mac platform (not because the platform isn't great and not because we think they're bad machines but rather due to conditions that make having them around difficult for all parties involved), which my IT department approved, but was then subsequently shot down by higher-up executives. My research so far suggests that part of the problem is that OS X has grown decreasingly tolerant of .local AD domains since Snow Leopard and that this is a large part of the problem. Other research points me in the direction of doing something like the Golden Triangle. And other research thereafter tells me that there's really no way to improve this situation beyond segregating the platforms by network, which is also not an option. Admittedly, I'm a wiz when it comes to the Mac side of things, but get lost when it comes to the Windows Server side of things. Long story short, given all of this, is there anything I can do to improve the situation? My superiors are looking into a virtualized solution for OS X Server (not hosted on physically present Apple hardware); though, correct me if I'm wrong, I do not believe that's feasible. Is there any way to make the experience of managing these Macs less difficult/annoying?